身份验证如何应用于在Visual Studio 2010中使用C＃的Web应用程序的所有aspx页面？

Question

I have create a web application in Visual Studio 2010 using C#.

I have two web page and the web application is hosted on a machine that has joined a domain WATSON

The first web page is basically the login page. The end user will enter their username and password and select their domain and click submit.

Now, the problem is that although I use the following code to authenticated the user, but I do not know how should I store the authenticated result as.

using(PrincipalContext pc = new PrincipalContext(ContextType.Domain, txtboxDomain.Text))
{
    // validate the credentials
    bool isValid = pc.ValidateCredentials(txtboxUser.Text, txtboxPass.Text);
}

I thought of storing the authenticated result as a cookie but I run the risk that the end-user might disable the cookie setting or the end-user try something funny to the cookie.

Also, I can't be possible putting the login page on each of the web pages that my web application have.

Also, suppose I redirect the end-user who have successfully authenticated to another aspx page, the end-user might just bookmark that aspx page. So, next time, the end-user will just go straight to the aspx page without going to the Login page. Then the end-user will not need to login, which is what I don't want it to happen.

So, how should I go about to enable that only those correct and rightful user are able to access the another aspx page?

Answer 1

Take a look at one of my answers how you can set windows authentication on application level:

WindowsIdentity and Classic .Net App Pool

And here is another link how you can limit user access to specific pages, it might get you handy:

How to restrict unlogged/unauthorized users from viewing web pages in ASP.NET